EMC RSA Authentication Manager < 8.4 P11 XSS Vulnerability (DSA-2020-066)

medium Nessus Plugin ID 135924

Synopsis

An application running on the remote host is affected by a stored cross-site scripting vulnerability.

Description

The version of EMC RSA Authentication Manager running on the remote host is prior to 8.4 Patch 11. It is, therefore, affected by a stored cross-site scripting vulnerability in the Security Console. An authorized remote user could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the stored payload is rendered into the page and the injected script could execute in their browser with the privileges of that administrator's session.
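The following is an added illustration of the mechanism described above, not code from RSA Authentication Manager or from the Nessus plugin. It assumes a hypothetical administrative page that lists user records with a free-text "note" field, and models the difference between rendering stored data raw (the stored XSS pattern) and HTML-entity-encoding it for the element-content context before it reaches another administrator's browser. The record set and payload are constructed sample data.

```javascript
// Added example: stored XSS rendering, vulnerable vs. hardened.
// Not RSA's code; field names and payload are hypothetical.

// Constructed sample of records persisted by a low-privilege but authorized user.
const STORED_RECORDS = [
  { name: "alice", note: "Help desk" },
  // The attacker stores active markup; nothing runs until an admin views the page.
  { name: "mallory", note: '<img src=x onerror="alert(document.cookie)">' },
];

// Minimal HTML entity encoder for the element-content and attribute-value contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: stored values are interpolated into HTML verbatim,
// so markup supplied by one user is interpreted in every viewer's browser.
function renderUnsafe(records) {
  return records
    .map((r) => `<tr><td>${r.name}</td><td>${r.note}</td></tr>`)
    .join("");
}

// Hardened pattern: every stored value is encoded on output, so the browser
// displays the attacker's text instead of parsing it as a tag.
function renderSafe(records) {
  return records
    .map((r) => `<tr><td>${escapeHtml(r.name)}</td><td>${escapeHtml(r.note)}</td></tr>`)
    .join("");
}

// Coarse check used here to show the difference: does the rendered HTML contain
// an element carrying an on* event-handler attribute? (Illustrative only; a real
// review should rely on contextual output encoding, not on pattern matching.)
function containsActiveMarkup(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Stand-alone demonstration.
console.log("unsafe render executes stored script:", containsActiveMarkup(renderUnsafe(STORED_RECORDS)));
console.log("safe render executes stored script:  ", containsActiveMarkup(renderSafe(STORED_RECORDS)));
```

The point for patch triage is that the fix belongs at the rendering layer of the Security Console (consistent output encoding for every context the stored value lands in), which is why the remediation is the vendor patch rather than any input filtering an operator could add in front of the console.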

Solution

Upgrade to EMC RSA Authentication Manager version 8.4 Patch 11 or later.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2020-5346

http://www.nessus.org/u?0ede1199

Plugin Details

Severity: Medium

ID: 135924

File Name: emc_rsa_am_8_4_p11.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 4/23/2020

Updated: 4/24/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2020-5346

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:emc:rsa_authentication_manager, cpe:/a:rsa:authentication_manager

Required KB Items: installed_sw/EMC RSA Authentication Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2020

Vulnerability Publication Date: 4/23/2020

Reference Information

CVE: CVE-2020-5346

BID: 107210

IAVB: 2020-B-0020